Solving Security Problems with 802.1x

802.1x can also be used to securely distribute per-station or per-session keying material. Remember that in a legacy WEP environment, everybody had the same shared secret WEP key. Now, with 802.1x, each client could have his or her own shared secret WEP key. This way, even if you successfully used a WEP cracking tool, you would only be recovering the key used for one particular user or session.

Unlike traditional WEP, which used the same shared secret for all users and sessions, 802.1x compromised keys could not be used to decrypt all the network traffic. This technique is commonly referred to as dynamic WEP and is used to mitigate some of the risks involved with WEP and its many publicized vulnerabilities. Further, since 802.1x allowed for automatic key regeneration, you could force your clients to rekey on a periodic basis, thereby resulting in fewer IV collisions. If you were particularly paranoid, you could even rekey every 30 seconds.

With TKIP, 802.1x can be used to securely distribute the master key, which is used to derive the encryption and MIC keys.